Digital Forensics and Cyber Crime. 10th International EAI Conference, ICDF2C 2018, New Orleans, LA, USA, September 10–12, 2018, Proceedings

Research Article

Multi-item Passphrases: A Self-adaptive Approach Against Offline Guessing Attacks

Download
127 downloads
  • @INPROCEEDINGS{10.1007/978-3-030-05487-8_11,
        author={Jaryn Shen and Kim-Kwang Choo and Qingkai Zeng},
        title={Multi-item Passphrases: A Self-adaptive Approach Against Offline Guessing Attacks},
        proceedings={Digital Forensics and Cyber Crime. 10th International EAI Conference, ICDF2C 2018, New Orleans, LA, USA, September 10--12, 2018, Proceedings},
        proceedings_a={ICDF2C},
        year={2019},
        month={1},
        keywords={Offline guessing attacks Self-adaptive Authentication Passphrases},
        doi={10.1007/978-3-030-05487-8_11}
    }
    
  • Jaryn Shen
    Kim-Kwang Choo
    Qingkai Zeng
    Year: 2019
    Multi-item Passphrases: A Self-adaptive Approach Against Offline Guessing Attacks
    ICDF2C
    Springer
    DOI: 10.1007/978-3-030-05487-8_11
Jaryn Shen1,*, Kim-Kwang Choo2,*, Qingkai Zeng1,*
  • 1: Nanjing University
  • 2: University of Texas at San Antonio
*Contact email: jarynshen@gmail.com, raymond.choo@fulbrightmail.org, zqk@nju.edu.cn

Abstract

While authentication has been widely studied, designing secure and efficient authentication schemes for various applications remains challenging. In this paper, we propose a self-adaptive authentication mechanism, , which is designed to mitigate offline password-guessing attacks. For example, “11th July 2018, Nanjing, China, San Antonio, Texas, research” is a multi-item passphrase. It dynamically monitors items and identifies frequently used items. Users will then be alerted when there is need to change their passphrases based on the observed trend (, when a term used in the passphrase consists of a popular item). We demonstrate the security and effectiveness of the proposed scheme in resisting offline guessing attacks, and in particular using simulations to show that schemes based on multi-item passphrases achieve higher security and better usability than those using passwords and diceware passphrases.